US7451312B2ExpiredUtilityA1
Authenticated dynamic address assignment
Est. expiryMar 7, 2020(expired)· nominal 20-yr term from priority
H04L 2101/604H04L 61/5007H04L 61/5014H04L 9/40H04L 61/5053H04L 63/0807H04L 69/329
87
PatentIndex Score
58
Cited by
21
References
12
Claims
Abstract
A method for an uninitialized client to obtain credentials from a server which are then used to provide authenticated exchange for network configuration parameter assignment. The obtained credentials can be applied to an authentication option when a dynamic host configuration protocol (DHCP) is being used for address assignment.
Claims
exact text as granted — not AI-modified1. A method of providing configuration parameters to an uninitialized client in a client-server broadcast network, said method comprising:
receiving at a proxy connected to said broadcast network a local broadcast communication initiated by said uninitialized client and intended for reception at a trusted key source, wherein said local broadcast communication includes the hardware address for said uninitialized client and wherein said proxy operates as a security intermediary between said uninitialized client and said trusted key source;
recording said hardware address for said uninitialized client at said proxy;
adding at said proxy authorization data to said received local broadcast communication when said received local broadcast communication does not include said authorization data;
forwarding said received local broadcast communication from said proxy to said trusted key source;
utilizing said trusted key source to perform a mutual authentication with said unitialized client;
generating at said trusted key source a ticket which includes said hardware address for said uninitialized client to said proxy;
forwarding said ticket, upon successful completion of the mutual authentication, from said trusted key source to said uninitialized client via said client-server broadcast network; and
employing said ticket to obtain a network address from said server via an authenticated address assignment protocol.
2. The method as described in claim 1 and wherein said employing said ticket to obtain a network address comprises:
sending an authenticated first message in said authenticated address assignment protocol from said uninitialized client to said server.
3. The method as described in claim 2 wherein said authenticated first message is authenticated with said ticket.
4. The method as described in claim 1 wherein said utilizing a trusted key source to provide ticket to said proxy comprises:
utilizing a Kerberos key management protocol.
5. The method as described in claim 1 wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
utilizing Dynamic Host Configuration Protocol.
6. The method as described in claim 1 wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
utilizing said authenticated address assignment protocol selected from a set of a plurality of address assignment protocols.
7. The method as described in claim 6 wherein said plurality of authenticated address assignment protocols comprises:
Dynamic Host Configuration Protocol; and
RSIP.
8. The method as described in claim 1 wherein said employing said ticket to obtain a network address from said server via an authenticated address assignment protocol comprises:
obtaining an IP address.
9. The method as described in claim 1 wherein said act of employing a trusted key source to provide ticket to said uninitialized client is not embedded in said authenticated address assignment protocol.
10. The method as described in claim 1 , wherein said authorization data identifies a realm.
11. The method as described in claim 10 , wherein said realm is a Kerberos administrative domain that represents a group of principals registered at a Kerberos key distribution center.
12. The method as described in claim 11 , wherein said realm comprises at least one of an uninitialized client realm, a Kerberos realm, or a Dynamic Host Configuration Protocol server realm.Cited by (0)
No later patents cite this yet.
References (0)
No backward citations on record.